Disarmed option not working properly

[Greg Matthews]

(replying to myself even tho I'm not a postfix user)

Greg Matthews wrote:
> Just upgraded to 4.57.6 and one of my options is no longer working. I have:
> 
> Disarmed Modify Subject = no
> Disarmed Subject Text = {Disarmed}
> 
> but the subject is still getting modified...
> 
> GREG

some more information on this, it looks like at least one message that 
has had the subject modified with the {Disarmed} tag should perhaps have 
been tagged with {Fraud} instead, here are the logs:

Dec 13 16:07:49 mailr-k MailScanner[22140]: Found phishing fraud from 
www.eztrackz.com claiming to be www.visualclick.com in kBDG53jH022296
Dec 13 16:07:49 mailr-k MailScanner[22140]: Found phishing fraud from 
www.eztrackz.com claiming to be 
www.formoreinfo,sampletasks,fullyfunctionalevals&more...http: in 
kBDG53jH022296
Dec 13 16:07:49 mailr-k MailScanner[22140]: Content Checks: Detected and 
have disarmed phishing tags in HTML message in kBDG53jH022296 from 
bounce-1514242-44084501 at list.novell.com

This looks like phishing is being lumped in with HTML tags and web bugs 
so that it triggers the Disarm rules rather than the Fraud rules.

I didnt notice this in the changelog.

Also, this doesnt explain the fact that the subject is being modified 
even tho it is configured not to altho it may point the way.

GREG
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.